Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, October 18, 2008

I wonder if any other corporate asset gets “lost” as frequently as backup tapes? Perhaps in ancient times, cash was “lost” in transit, but we went to electronic funds transfer and that rarely happens today. Perhaps electronic transfer of backup data would solve this problem?

On September 17, ID Experts notified the New Hampshire Attorney General's Office that a backup tape belonging to Regal Entertainment Group that contained personal data was lost on August 29, 2008.

In its notification to those affected, the company writes:

We recently learned that individual employees violated established procedures during a routine exercise and lost some supplier's and other individual's data which was contained on a system backup tape. Our investigation indicates that some of your personal information, including your Social Security number, name, and address may have been included in the lost backup tape. However, it is important to note that absolutely no customer or guest data was exposed.

The bulk of the notification to the state and those affected outlines the free services Regal is offering those affected and what people can do to protect themselves after the fact, but apart from indicating that 120 NH residents were affected, their disclosure does not indicate how many individuals were affected total and whether the data on the backup tape were encrypted. Nor do they explain how the employees violated procedure.

... inadvertently posted on the indygov.org Web site on Sept. 29 during a site upgrade

[Evan] This is a good reason why we use change control and a good reason why an integral part of change control is information security involvement. On the surface, a web site upgrade may seem innocent enough, but the risk can be enormous. Everything accessible (on purpose or on accident) on or through a web site is public. Be very careful that ONLY public information is accessible and test the dickens out of it.

The mistake wasn't discovered until Oct. 9, when the file was immediately removed

[Evan] It is not clear how the file was discovered or by whom.

... "This is an unfortunate example of human error; however, once we discovered that personal information was posted, ISA took aggressive action to correct the problem, to notify the affected individuals and to prevent this type of disclosure from happening again," said Kevin Ortell, interim chief information officer for ISA.

[Evan] I think this is bigger than a simple "human error". I'm guessing it's more like a business process error that left the door open to human error.

In this week's Fed Blotter, Nicholas Lakes and Viachelav Berkovich are charged with computer fraud for a man-in-the-middle attack that allegedly let them run a profitable trucking company without the hassle of driving a truck.

For over three years the Russian immigrants repeatedly hacked a Department of Transportation website called Safersys.org, which maintains a list of licensed interstate trucking companies and brokers, according to an affidavit (.pdf) filed by a department investigator. There, the pair would temporarily change the contact information for a legitimate trucking company to an address and phone number under their control.

The men then took to the web-based "load boards" where brokers advertise cargo in need of transportation. They'd negotiate a deal, for example, to transport cargo from American Canyon, California, to Jessup, Maryland, for $3,500.

But instead of transporting the load, Lakes and Berkovich would outsource the job to another trucking company, the feds say, posing as the legitimate company whose identity they'd hijacked. Once the cargo was delivered, the men allegedly invoiced their customer and pocketed the funds. But when the company that actually drove the truck tried to get paid, they'd eventually discover that the firm who'd supposedly hired them didn't know anything about it.

The men allegedly pulled in nearly $500,000 in the scheme before Smokey caught up with them. They're charged (.pdf) with computer, mail and wire fraud in a federal indictment in Los Angeles.

This company provides tools for creating surveys of very different denomination, and there are different plans to choose from. The features of these are described in the section that goes by the corresponding name. Basically, free surveys come with multi-lingual support (which means that every element at play can be set in the language the user chooses), and a track response feature (useful for seeing exactly who answered the survey and how).

Extra features that are part of the different plans available include tools for filtering results and image upload as answer choices, along with a bigger degree of customization. For instance, the user can brand surveys by including their own logo, and create custom themes that can also be saved and used later on.

You can find more about the features of each specific plan along with pricing information by setting your browser to StellarSurvey.com. The site also features sample surveys that are illustrative of the services on offer and how they can make for reaching an immediate public in an effective way.

Self-dubbed as “the first global video community for learning languages”, Lingorilla stands as a useful resource that takes full advantage of the latest technological developments that the Internet has brought along.

The approach of the site is very commendable, because (as any linguist can tell you) the one and true manner of picking up a language is actually living in the country where it is spoken. To a certain extent, what Lingorilla does is to bring the country to you by providing a live sampler of how the language is spoken. And it is not only a matter of pronunciation – facial gestures and expressions are also an intrinsic part of any language, and through Lingorilla you will have access to that.

Further resources include quizzes for testing your progress, and learning documents that can be consulted whenever you wish. Flashcards for expanding your vocabulary are likewise featured.

The site also has a social network flavor to it since you can make friends from all over the globe, and join in the existing language groups. It is also possible for you to create a group of your own. [COBOL anyone? Bob]

Posted by ScuttleMonkey on Friday October 17, @04:05PM from the anywhere-that-has-an-optical-drive-that-is dept. Operating Systems BSD

The call of ktulu writes

"Good things come to those who wait. After eight months of work the relatively new project BSDanywhere has announced its first final release 4.3. BSDanywhere is a bootable Live-CD image based on OpenBSD. It consists of the entire OpenBSD base system (without compiler) plus enlightenment desktop, an unrepresentative collection of software, automatic hardware detection and support for many graphics cards, sound cards, SCSI and USB devices as well as other peripherals. Give it a spin."

"When Sun released Solaris to the open source community in the form of OpenSolaris, would anyone have guessed that it would soon wind up running on IBM System z mainframes? Amazingly, that milestone has now been achieved. Sine Nomine Associates is making its first release of OpenSolaris for System z available for free and public download. Source code is also available. OpenSolaris for System z requires a System z9 or z10 mainframe and z/VM, the hypervisor that's nearly universal to mainframe Linux installations. (The free, limited term z/VM Evaluation Edition is available for z10 machines.) Like Linux, OpenSolaris will run on reduced price IFL processors."

Friday, October 17, 2008

These articles suggest the FBI “infiltrated” the site. Earlier stories claimed they created the site. Either way, the site passed stolen card numbers to crooks. Perhaps “infiltrated” results in fewer lawsuits?

The Internal Revenue Service left taxpayer data exposed by deploying two major computer systems despite knowing that they harbor security vulnerabilities, according to a report released publicly today by the Treasury Inspector General for Tax Administration (TIGTA).

Companies that secretly helped the government's secret anti-terrorism surveillance operations without requiring valid legal orders have found their reputations sullied, their billboards re-decorated and their lawyers busy fending off suits seeking billions in damages. Just ask AT&T.

But given that the government's spooks will continue to rely on private companies -- especially telecoms -- to help with their secret intelligence efforts, could these companies actually serve as a watchdog protecting the country from intrusive, lawbreaking spying?

Jon Michaels, an acting professor at UCLA Law School, thinks they could.

The key, according to Michaels' article in the California Law Review, is making such companies tell the appropriate Congressional committees and inspectors general in regular reports when they transfer information about Americans to the government's spy agencies. Congress also must find a clear way to punish companies which cooperate informally and immunize those who follow legal orders.

Google has offered no explanation as to what is causing the ongoing Gmail problem nor why it will take the company so long to restore service

By Juan Carlos Perez, IDG News Service October 16, 2008

... At around 5 p.m. Eastern Time on Wednesday, Google announced in the official Google Apps discussion forum that the company was aware of a problem preventing Gmail users from logging into their accounts and that it expected a solution by 9 p.m. on Thursday.

Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.

We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and high-level access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.

Posted by timothy on Friday October 17, @05:51AM from the unarmed-populace dept. Censorship Government The Internet Politics

sparky1240 writes

"While Americans are currently fighting the net-neutrality wars, spare a thought for the poor Australians — The Australian government wants to implement a nation-wide 'filtering' scheme to keep everyone safe from the nasties on the internet, with no way of 'opting out': 'Under the government's $125.8 million Plan for Cyber-Safety, users can switch between two blacklists which block content inappropriate for children, and a separate list which blocks illegal material. ... According to preliminary trials, the best Internet content filters would incorrectly block about 10,0000 [SIC] Web pages from one million."

Related – let them access the data, then arrest them. (We've always had the technology to do this, but the volumes and related delays made it impractical.)

Posted by timothy on Thursday October 16, @06:03PM from the in-case-they-run-out-of-human-tools dept. Privacy The Internet

timdogg writes

"Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newsgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."

Is this likely to become common as manufacturers/vendors try to protect the performance or even the “look & feel” of their products?

Posted by CmdrTaco on Thursday October 16, @11:28AM from the now-that's-not-very-open dept. Google Cellphones

Aviran writes

"The search giant is retaining the right to delete applications from Android handsets on a whim. Unlike Apple, the company has made no attempt to hide its intentions, and includes the details in the Android Market terms and conditions, as spotted by Computer World: 'Google may discover a product that violates the developer distribution agreement... in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion.'"

If neighborhoods, why not counties? Perhaps we could patent the process of selecting unique names for babies and then appending family names?

A mathematician who pioneered a fractal-based urban-mapping technique is embroiled in a copyright battle that raises legal questions about whether a company can claim ownership of the definition of neighborhoods: their specific locations and boundaries. The dispute highlights a growing movement to quantify the amorphous tendrils connecting communities.

Bernt Wahl had the idea in 2004 to use a blend of mathematical modeling and old-fashioned shoe leather to map out unofficial neighborhoods — areas like Bernal Heights in San Francisco, or New Orleans' French Quarter — whose borders are drawn mostly in the minds of the inhabitants.

Since then, he's produced maps defining more than 18,000 neighborhoods in 350 U.S. and international cities, which are used in everything from search localization to epidemiology. The Federal Deposit Insurance Corp. is currently using Wahl's maps to better understand which neighborhoods are being slammed hardest by the mortgage crisis.

Vermont-based mapping company Maponics is now suing Wahl to keep him from creating any more neighborhood maps "derived from or containing parts of" the original maps he produced four years ago, which defined 7,000 neighborhoods in 100 cities. Wahl did that work as a contractor for a real estate web portal, which then sold the copyright to Maponics. Because America's biggest metropolitan areas were included in the original batch of maps, the lawsuit could effectively bar Wahl from the mapmaking business for good.

Nottinghamshire Police has begun providing funds for people who live in burglary hotspots to install theft-recovery software on their laptops.

The police force is paying for licences for Absolute Software's ComputraceOne, which connects the company's monitoring centre to a machine every 24 hours, and every 15 minutes if it is reported stolen.

Absolute Software said that, even if a thief tries to wipe the system, the application self heals and allows the tracking process to continue. It is loaded on the hard drive of a computer, while support for the ComputraceOne agent is embedded in the Bios. [Think: Rootkit! Bob] If the hard drive is reformatted or replaced, the ComputraceOne agent support in the Bios rebuilds the necessary application files on the hard drive as required by the customer.

Posted by samzenpus on Thursday October 16, @03:59AM from the do-not-pass-go dept. Security

truthsearch writes

"Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will."

[From the article:

"The contents may or may not be incriminating: the key is neutral."]

Is this a model for future laws? I don't think so, but I've only skimmed it. My guess is they only beat California because of TJX.

News release: "In keeping with the Patrick Administration’s commitment to protecting consumers, the Office of Consumer Affairs and Business Regulation (OCABR) last Friday issued a comprehensive set of final regulations establishing standards for how businesses protect and store consumers’ personal information. Additionally, Governor Patrick has signed an executive order requiring all state agencies to immediately take steps to implement security measures consistent with the requirements established by OCABR's regulations for private companies. The order calls for the adoption of uniform standards across government that protect the integrity of personal information and further the objectives of the identity theft prevention law."

In order to protect you from those who would invade your privacy, we need to invade your privacy, because only by acting like terrorists can we stop terrorists. (“In order to liberate the village, we had to destroy it.”)

Posted by samzenpus on Thursday October 16, @12:08AM from the what-are-you-writing dept. Privacy Government

ericcantona writes

"The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity'."

Canada's Privacy Commissioner seems to take privacy seriously. Would that the UK listened to their colonies – they might still have some.

The Privacy Commissioner of Canada has prepared a draft guidance document that sets out good practice rules for private sector organizations that are either contemplating or using covert video surveillance.

Through our experience in investigating complaints about covert video surveillance under the Personal Information Protection and Electronic Documents Act (PIPEDA), we have identified a need to educate organizations on the obligation to ensure that covert video surveillance is conducted in the most privacy sensitive way possible. Although the use of covert video surveillance may be appropriate in some circumstances, we view the technology as being inherently intrusive.

Googling for "SQL injection" gets about 4 million hits. The topic excites interest and superstitious fear. This whitepaper demystifies the topic and explains a straightforward approach to writing database PL/SQL programs that provably guarantees their immunity to SQL injection.

Only when a PL/SQL subprogram executes SQL that it creates at run time is there a risk of SQL injection; and you'll see that it's easier than you might think to freeze the SQL at PL/SQL compile time. Then you'll understand that you need the rules which prevent the risk only for the rare scenarios that do require run-time-created SQL. It turns out that these rules are simple to state and easy to follow.
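The distinction drawn above, as an added example that is not code from the whitepaper: the same lookup written with SQL fixed at compile time, with SQL concatenated at run time, and with run-time SQL that binds the value and validates the identifier. The table `demo_users` and the three functions are hypothetical names; the script assumes an Oracle schema where you may create tables and functions, run from SQL*Plus or SQLcl.

```plsql
-- Added example. demo_users and the count_* functions are hypothetical.
CREATE TABLE demo_users (last_name VARCHAR2(30), is_admin CHAR(1));
INSERT INTO demo_users VALUES ('Smith', 'N');
INSERT INTO demo_users VALUES ('Jones', 'Y');
COMMIT;

-- 1. Static SQL: the statement text is frozen when the function compiles.
--    p_name can only ever be a value compared with last_name.
CREATE OR REPLACE FUNCTION count_static(p_name IN VARCHAR2)
  RETURN PLS_INTEGER
IS
  v_count PLS_INTEGER;
BEGIN
  SELECT COUNT(*) INTO v_count FROM demo_users WHERE last_name = p_name;
  RETURN v_count;
END count_static;
/

-- 2. Run-time-created SQL built by concatenation: the caller's text becomes
--    part of the statement, so a quote in p_name changes the WHERE clause.
CREATE OR REPLACE FUNCTION count_concat(p_name IN VARCHAR2)
  RETURN PLS_INTEGER
IS
  v_count PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM demo_users WHERE last_name = ''' || p_name || ''''
    INTO v_count;
  RETURN v_count;
END count_concat;
/

-- 3. Run-time SQL that is genuinely needed (the table name varies):
--    the value travels as a bind argument, and the identifier must pass
--    DBMS_ASSERT.SIMPLE_SQL_NAME before it is concatenated.
CREATE OR REPLACE FUNCTION count_checked(p_table IN VARCHAR2,
                                         p_name  IN VARCHAR2)
  RETURN PLS_INTEGER
IS
  v_count PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table) ||
    ' WHERE last_name = :n'
    INTO v_count USING p_name;
  RETURN v_count;
END count_checked;
/

SET SERVEROUTPUT ON
DECLARE
  -- Constructed test input: a name containing quote characters.
  c_odd_name CONSTANT VARCHAR2(40) := 'x'' OR ''1''=''1';
  v_count    PLS_INTEGER;
BEGIN
  DBMS_OUTPUT.PUT_LINE('static : ' || count_static(c_odd_name));
  DBMS_OUTPUT.PUT_LINE('concat : ' || count_concat(c_odd_name));
  DBMS_OUTPUT.PUT_LINE('checked: ' || count_checked('demo_users', c_odd_name));

  -- A table argument that is not a simple SQL name is refused by
  -- DBMS_ASSERT before any statement is executed.
  BEGIN
    v_count := count_checked('demo_users WHERE 1=1', 'Smith');
    DBMS_OUTPUT.PUT_LINE('unexpected: ' || v_count);
  EXCEPTION
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('rejected: ' || SQLERRM);
  END;
END;
/
```

With the constructed input, the static and bound versions look for a surname that literally contains the quotes and match no row, while the concatenated version counts every row in the table.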

Posted by samzenpus on Thursday October 16, @07:57AM from the wasting-time-not-your-brain dept. The Internet Science

ddelmonte writes

"This Washington Post article examines a test conducted at UCLA. The test had two groups, young people who used the Internet, and older people who had never been online. Both groups were asked to do Internet searches and book reading tasks while their brain activity was monitored. "We found that in reading the book task, the visual cortex — the part of the brain that controls reading and language — was activated," Small said. "In doing the Internet search task, there was much greater activity, but only in the Internet-savvy group." [Perhaps older folk think of the Internet as a book? Bob] He said it appears that people who are familiar with the Internet can engage in a much deeper level of brain activity. "There is something about Internet searching where we can gauge it to a level that we find challenging," Small said. In the aging brain, atrophy and reduced cell activity can take a toll on cognitive function. Activities that keep the brain engaged can preserve brain health and thinking ability. Small thinks learning to do Internet searches may be one of those activities."

The 30th International Conference of Data Protection and Privacy Commissioners begins today in Strasbourg, and one of our readers alerts us that if you go to www.privacyconference2008.org, there's a live stream of the conference sessions.

Bruce Schneier, Simon Davies and others are on one of the panels, which begins at 8:15 EST today.

A sophisticated "chip and pin" scam run by criminal gangs in China and Pakistan is netting millions of pounds from the bank accounts of British shoppers, America's top cyber security official has revealed.

By Henry Samuel in Paris Last Updated: 9:25AM BST 15 Oct 2008

Dr Joel Brenner, the US National Counterintelligence Executive, warned that hundreds of chip and pin machines in stores and supermarkets across Europe have been tampered with to allow details of shoppers' credit card accounts to be relayed to overseas fraudsters.

These details are then used to make cash withdrawals or siphon off money from card holders' accounts in what is one of the largest scams of its kind.

In an exclusive interview with The Daily Telegraph, America's counterintelligence chief said: "Previously only a nation state's intelligence service would have been capable of pulling off this type of operation. [Any indication that wasn't the case here? Bob] It's scary."

An organised crime syndicate is suspected of having tampered with the chip and pin machines, either during the manufacturing process at a factory in China, or shortly after they came off the production line.

In what is known as a "supply chain attack", criminals managed to bypass security measures and doctor the devices before they were dispatched from the factories where they were made.

The machines were opened, tampered with and perfectly resealed, said Dr Brenner, "so that it was impossible to tell even for someone working at the factory that they had been tampered with." They were then exported to Britain, Ireland, the Netherlands, Denmark and Belgium.

Posted by kdawson on Tuesday October 14, @02:43PM from the flashblock-considered-mandatory dept.

Wiini recommends a blog posting exploring Flash cookies, a little-known threat to privacy, and how you can get control of them. 98% of browsers have Macromedia Flash Player installed, and the cookies it enables have some interesting properties. They have no expiration date; they store 100 KB of data by default, with an unlimited maximum; they can't be deleted by your browser; and they send previous visit information and history, by default, without your permission. I was amazed at some of the sites, not visited in a year or more, that still had Flash cookies on my machine. Here's the user-unfriendly GUI for deleting them, one at a time, each one requiring confirmation.

Posted by kdawson on Wednesday October 15, @08:11AM from the sauce-for-geese dept. Republicans Politics

Colz Grigor writes

"It appears that CBS and Fox have submitted DMCA takedown notices to YouTube for videos from the McCain campaign. The campaign is now complaining about YouTube's DMCA policy making it too easy for copyright holders to remove fair-use videos. I hope they pursue this by addressing flaws in the DMCA."

I think it's not so much the “Google-ization” of Youtube, but the trend away from scheduled tv to video on demand.

Posted by timothy on Tuesday October 14, @01:27PM from the your-safe-search-is-showing dept. Google The Almighty Buck The Internet The Media Entertainment

Dekortage writes

"According to the latest ComScore rankings, YouTube's search traffic for August surpassed Yahoo's. The latter dropped roughly 5% in traffic from July. Among other things, this means that Google now owns both of the top two search engines. AdAge further speculates on Google's experimental 'promoted videos' cost-per-click advertising on YouTube, suggesting the obvious: more money."

Posted by kdawson on Tuesday October 14, @07:02PM from the keep-it-cheap dept. Education Linux

Whiteox writes

"The Australian Prime Minister's plan to equip high schools with 'one laptop per child' may go open source. Kevin Rudd's $56 million digital revolution will include 'laptops [that will] run on an open source operating system with a suite of open source applications like those packaged under Edubuntu. This would include Open Office for productivity software, Gimp for picture editing and the Firefox internet browser.' So far this has been considered for New South Wales and I think other states may follow."

e-Discovery Teams Can Meet the Challenges of the “Zubulake Duty” and Control Excessive Costs

United States District Court Judge Shira A. Scheindlin, one of the leading jurists in the field of electronic discovery, is credited with first establishing what has become known as the Zubulake duty. Judge Scheindlin contends that all attorneys who litigate have an affirmative duty to understand their clients’ computer systems sufficiently to know where all of the potential electronic evidence is stored.

Following two straight years of reporting declines in the number of new lawsuits and regulatory proceedings - including a drop in large-dollar cases - U.S. companies now anticipate an uptick in new actions and government probes, as well as the need to hire more in-house litigation staff to help manage the expected rise in disputes. Such is the outlook from the 2008 Litigation Trends Survey just published by international law firm Fulbright & Jaworski L.L.P.

... Companies also detect a spike in specific types of actions - nearly a third (32%) of Fulbright respondents reported a jump in multi-plaintiff suits stemming from wage-and-hour claims by employees in the past year, with 29% notching an increase in discrimination cases, including age claims. Companies also cited a noticeable rise in privacy lawsuits, whether class or collective actions.

Posted by kdawson on Tuesday October 14, @11:07PM from the hang-up-and-drive dept. Cellphones Transportation

An anonymous reader writes

"Canadian company Aegis Mobility has developed software that detects if a cell phone is moving at 'car' speeds. If so, the software, DriveAssist™, will alert the cellular network, telling it to hold calls and text messages until the drive is over. Calls are not blocked entirely; callers will be notified that the person appears to be driving, but they can still leave an emergency voice mail, which will be sent through immediately."

"Authorities have blamed a faulty onboard computer system for last week's mid-flight incident on a Qantas flight to Perth. The Australian Transport Safety Bureau said incorrect information from the faulty computer triggered a series of alarms and then prompted the Airbus A330's flight control computers to put the jet into a 197-meter nosedive... The plane was cruising at 37,000 feet when a fault in the air data inertial reference system caused the autopilot to disconnect. But even with the autopilot off, the plane's flight control computers still command key controls in order to protect the jet from dangerous conditions, such as stalling, the ATSB said."

Clivir is an online community that lets you be student and teacher at the very same time. You can browse the existing classrooms and learn from a wide number of lessons, or create your very own lessons and classrooms for the benefit of other internauts.

As it could be expected, the main page is made up of categories such as “Lessons” and “Classrooms” where items of note are featured and can be browsed at will along with the most recent classrooms and lessons that have been added. In addition to that, a “Questions” section is included and both popular and recent questions are showcased. These deal with issues such as “How do you make lessons on Clivir?” and so forth.

Registration must be dealt with in order to take part in online classes or create a classroom. This process comes at no cost, and once it is completed you become a “Clivir”. New Clivirs are displayed on the main page, along with featured Clivirs.

Officials at Olympic College are investigating how confidential student information was leaked and made available online for nearly a year. Currently, four Web sites designed to supplement courses taught at OC have been discovered to have been indexed by popular search engines like Google, violating the Family Educational Rights and Privacy Act.

...."This was supposedly an intranet, that when you set your permissions the only people that are supposed to get to the site are people that are logged into the network and have the permissions to get to that site." said Bilodeau. "Thinking that we had to close it off to the whole world was beyond what I even understood. I thought it was only people here at Olympic College that had accounts."

... Breach Description: "Details have emerged of a theft of a laptop containing pension details of BSkyB staff and other firms. The theft, involving an employee from the accountancy firm Deloitte, occurred last month."

Vodafone has lost data, including the dates of birth and national insurance numbers of thousands of employees, after a laptop containing pension data was stolen.

The laptop was stolen from external auditor Deloitte during a recent statutory pension scheme audit and also contained employees' surnames and initials, employee number and grade, as well as pensionable salary, earnings and contribution information.... The laptop contained details of all Vodafone UK staff with pensions as well as scheme holders from BSkyB, Network Rail and Railway Pensions.

“The laptop was protected by a number of security measures, including start up password, operating system user ID / password authentication and encryption.”

DarkMarket.ws, an online watering hole for thousands of identity thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network. DS

The FBI almost certainly closed DarkMarket in preparation for a global wave of arrests that will unfold in the next month or so. The site was likely shuttered to avoid an Agatha Christie scenario in which a diminishing pool of cybercrooks are free to speculate about why they're disappearing one-by-one like the hapless dinner guests in Ten Little Indians.

Child predators will be easier to track online because of two new laws President Bush signed Monday.

The Protect Our Children Act--which includes provisions introduced by Sens. Joe Biden (D-Del.), Hillary Clinton (D-N.Y.), and John McCain (R-Ariz.)--sets requirements for Internet companies to report incidences of child pornography. It also authorizes more than $320 million for the Justice Department over the next five years for, among other things, the Internet Crimes Against Children Task Force.

While the KIDS Act does not permit sex offenders' Internet identifiers to be made public, it does require the attorney general to share the information with social-networking Web sites, so the sites can [Not required? Bob] compare the identifying information with that of their respective users. The bill was sponsored by Chuck Schumer (D-N.Y.) in the Senate and Earl Pomeroy (D-N.D.) in the House.

A German court has ruled that website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said.

Posted by kdawson on Monday October 13, @08:07PM from the ip-con dept. Government

I Don't Believe in Imaginary Property writes

"President Bush has signed the EIPRA (AKA the PRO-IP Act) and created a cabinet-level post of 'Copyright Czar,' on par with the current 'Drug Czar,' in spite of prior misgivings about the bill. They did at least get rid of provisions that would have had the DOJ take over the RIAA's unpopular litigation campaign. Still, the final legislation (PDF) creates new classes of felony criminal copyright infringement, adds civil forfeiture provisions that incorporate by reference parts of the Comprehensive Drug Abuse Prevention and Control Act of 1970, and directs the Copyright Czar to lobby foreign governments to adopt stronger IP laws. At this point, our best hope would appear to be to hope that someone sensible like Laurence Lessig or William Patry gets appointed."

Posted by kdawson on Tuesday October 14, @05:30AM from the oxy-meet-moron dept. Microsoft It's funny. Laugh.

hankwang writes

"Did you know that Microsoft has ethical guidelines? It's good to know that 'Microsoft did not make any payments to foreign government officials' while lobbying for OOXML, and that 'Microsoft conducts its business in compliance with laws designed to promote fair competition' every time they suppressed competitors. In their Corporate Citizenship section, they discuss how the customer-focused approach creates products that work well with those of competitors and open-source solutions. So all the reverse-engineering by Samba and OpenOffice.org developers wasn't really necessary."

Posted by ScuttleMonkey on Monday October 13, @03:27PM from the enrollment-and-dropout-numbers-to-spike dept.

alphadogg writes to tell us that one freshman class has a little more than usual to be excited about. When students at Abilene Christian University showed up for their first days of class they were greeted with the choice of either a new iPhone 3g or an iPod Touch plus a package of custom web apps to use on them.

"The hardware is part of the Texas university's pilot mobile learning project, which has been gestating for over a year. About 650 first-year students chose the iPhone, and about 300 the iPod Touch, which is a very similar device but without the 3G radio (both devices incorporate an 802.11g Wi-Fi adapter). ACU pays for the hardware, students (or their parents) select and pay for their monthly AT&T service plan."

Open source is a development and distribution strategy that software developers use to get their products into the hands of users. It's not a business model.

The business model is found in the additional value that developers (which are often vendors) put on top of the software in the form of support, additional features, etc. These provide revenue opportunities, which in turn creates a business

Posted by kdawson on Tuesday October 14, @02:51AM from the storms-a-comin' dept.

Orbity sends in a Boston Globe report on the unusual calm on the surface of the sun. The photos, many taken in more active solar times, are excellent — see the sequence from last year of a coronal mass ejection carrying away the tail of a comet.

"The Sun is now in the quietest phase of its 11-year activity cycle, the solar minimum — in fact, it has been unusually quiet this year — with over 200 days so far with no observed sunspots. The solar wind has also dropped to its lowest levels in 50 years. Scientists are unsure of the significance of this unusual calm..."

Posted by ScuttleMonkey on Monday October 13, @05:47PM from the squeeze-as-much-as-you-can dept. Science Technology

leprasmurf writes

"Inhabitat has posted an article detailing a recent announcement of a process to turn CO2 into fuel. The process, which used to be considered too energy inefficient, uses a multi-step, low pressure, and low temperature biocatalyst to break the CO2 into 'basic hydrocarbon building blocks.'"

Amid concern about privacy and security on the Internet, the Indonesian Ministry of Education put up a database of students online, in detail and in downloadable files. There are at least 36 million students listed in the database on the website, in Excel files containing names, dates and places of birth, and addresses!

Commission consults on how to put Europe into the lead of the transition to Web 3.0

News release, September 29, 2008: "Europe could take the lead in the next generation of the Internet. The European Commission today outlined the main steps that Europe has to take to respond to the next wave of the Information Revolution that will intensify in the coming years due to trends such as social networking, the decisive shift to on-line business services, nomadic services based on GPS and mobile TV and the growth of smart tags. The report shows that Europe is well placed to exploit these trends because of its policies to support open and pro-competitive telecom networks as well as privacy and security. A public consultation has been launched today by the Commission on the policy and private sector responses to these opportunities. The Commission report also unveils a new Broadband Performance Index (BPI) that compares national performance on key measures such as broadband speed, price, competition and coverage. Sweden and the Netherlands top this European broadband league, which complements the more traditional broadband penetration index used so far by telecoms regulators."

New Delhi: The telecom regulator, the Telecom Regulatory Authority of India (TRAI), has disconnected 10,051 telephones of telemarketers for repeatedly violating the 'National Do Not Call Registry' (NDNC), a database of telephone numbers of subscribers who do not want to receive unsolicited commercial calls, which was operationalised on 12 October 2007.

Posted by CmdrTaco on Monday October 13, @08:30AM from the who-needs-office-anyway dept. Software

SNate writes

"After a grinding three-year development cycle, the OpenOffice.org team has finally squeezed out a new release. New features include support for the controversial Microsoft OOXML file format, multi-page views in Writer, and PDF import via an extension. Linux Format has an overview of the new release, asking the question: is it really worth the 3.0 label?"

Posted by CmdrTaco on Monday October 13, @09:15AM from the cashing-in-on-your-crimes dept. Security IT

An anonymous reader writes

"Eight years ago Mafiaboy (Michael Calce) knocked Yahoo offline. Today he works as a legitimate security consultant and has just published a book documenting his criminal career and offering advice on how people can protect themselves from people like him on the Internet."

IT Strategy: The pendulum swings again. This doesn't happen in all industries at the same time. While some are centralizing, others are decentralizing – and for exactly the same reason – control! (The comments reflect the various arguments...)

Posted by timothy on Monday October 13, @02:01AM from the dialectic-materialism dept

One of the seemingly eternal questions in managing personal computers within organizations is whether to centralize computing power (making it easy to upgrade or secure The One True Computer, and its data), or push the power out toward the edges, where an individual user isn't crippled because a server at the other side of the network is down, or if the network itself is unreliable. Despite the ever-increasing power of personal computers, the New York Times reports that the concept of making individual users' screens portals (smart ones) to bigger iron elsewhere on the network is making a comeback.

Another IT strategy: When markets crash, it is cheaper to buy companies with oil reserves than to explore for new oil. Same with Market Share...

Redwood City start-up NComputing, whose technology uses the power of a single PC to power up to seven computing terminals, is set to announce on Monday that it has started the process of equipping 5,000 schools in India with its technology.

NComputing will provide about 50,000 students [more like 50,000 PCs Bob] with access to the Internet as part of the deal, which will use two PCs in each computer lab to power 10 terminals at schools in the Indian state of Andhra Pradesh. The deal itself is part of a $100 million effort that includes operating and powering the lab for five years, as well as all the needed gear. NComputing's chunk of that is about $2 million.

Abstract. Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of 'STRIDE per element.' The paper covers some lessons learned which are likely applicable to other security analysis techniques. The paper closes with some possible questions for academic research.

The placement of a business is no easy matter – actually, it can determine the viability or not of a specific venture. Bearing this in mind, it is useful to have a tool like ZoomProspector at hand.

This web-based service (which has just come out of private beta) enables the interested party to find the best location for a given business by weighing up a myriad of aspects and factors.

The site makes for both a community and a property search. The former takes into consideration communities that exactly match the location requirements that the user specifies beforehand. Moreover, a ranked list of communities that best match a concrete business can be displayed. It is important to mention that communities that have a population that amounts to less than 65,000 individuals are not taken into account.

For its part, the featured property search lets the user set down criteria like State, property type and minimum and maximum size of the premises. An interactive map is included as well for browsing convenience.

Finally, the site also features an advanced search tool that seems to merge together the two search options that have been just described, as both geography and community qualities are considered.

No doubt they have solid scientific research backing these tests – perhaps from the RIAA legal department?

A while back, the Office of the Director of National Intelligence (ODNI) said it wanted to start reviewing wannabe spies' "cyber behavior," before they handed the spooks security clearances. Suspect activities might include "social network usage," "compulsive internet use," "distribution of pirated materials," and "online contact with foreign nationals," the ODNI said.

Back when I was a kid, we didn't have eyes, so we didn't watch music videos... (Why no Classical Videos? “Boppin' with Bach,” “Moving with Mozart,” “Rocking wid Ravel”)

There is a preponderance of music video sites on the web, and they just keep on rolling along. A new contender is the J1VEBOX website. This particular portal has all the usual goodies and features, namely a large archive that can be accessed with ease and features that make for community interaction.

The featured database of artists can be searched using the provided tool. This returns not only exact matches but also approximate results. Of course, it is also possible to browse by category, and these include “Best Rock Songs”, “Hip-Hop”, “Pop” and “Latin” to name just a few. In addition to that, video files of note are spotlighted under the “Top Videos” and “New Videos” headings. These are also spotlighted on the main page, alongside the “Video of the day”.

"Researchers conducted a genome-wide association study of 1,125 Caucasian men who had been assessed for male pattern baldness. They found two previously unknown genetic variants on chromosome 20 that substantially increased the risk of male pattern baldness. They then confirmed these findings in an additional 1,650 Caucasian men. 'If you have both the risk variants we discovered on chromosome 20 and the unrelated known variant on the X chromosome, your risk of becoming bald increases sevenfold. What's startling is that one in seven men have both of those risk variants.'"

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.